Sheet:Introduction
Introduction
This document describes the IP flows involved in the OmniPCX Enterprise (OXE) solution for medium and large enterprises. Its aims is to allow a network
administrator to precisely configure its firewall devices to open the minimal amount of ports required to have a working OXE installation in its specific
deployment.
Every ingress and egress IP flows of each device of the OXE solution is described in a separate table. For each flow, source and destination ports are
mentioned along with the category of the flow: whether it is for user (voice) transport, signalling, management or support. This enables network
administrators to for example block at their firewalls all IP flows related to the activity of support, enabling them through on demand of a technician only.
Document organization
A first group of tab explains the notions and notations introduced later in the document. Those tabs are: Glossary, Headres, Services, Planes, Port Ranges.
The second group of tabs list the actual ingress and egress IP flows for the various network elements comprising the OXE solution. The elements are
grouped together into a reduced number of tabs: CS for the Call Server, MG for all types of media gateways, UA phones for all kinds of UA phone whether
hard phones (IP Phone and IP touch) or soft, OTUC, OTCC.
This document has been updated for OXE R7.1
Differences with the previous edition are marked in column 1
2/38
Sheet:Glossary
Glossary
Only terms and acronyms used in a way different than standard or specific to the OXE solution are listed here.
Some terms actually represent functions found on one or the other element of the OXE solution. In that case the third column specifies where this
function is located.
Term
Meaning
4760
OmniVista console for the configuration, maintenance, accounting, and handling of
alarms of one or more OXE systems. OmniVista consists of 4760 clients connecting to
a 4760 server. The 4760 server in turn controls the OXE CS.
4059
Operator station on Windows PC
4635
Voice mail on A4400 hardware
4645
Voice mail on Alize hardware
4760i
E-config: light version of OmniVista Application
Alcatel Audio Station: a Windows application to record voice guides for the automated
AAS
attendant or voice mail system later transfered to the PBX.
ACAPI
Alcatel Configuration API: an API offered on Windows systems to enable applications
to remotely configure the OXE.
ACD
Advanced Call Distribution
AHL
Alcatel Hospitality Link to interface OXE with applications specifics to the
Hotel/Hospital business.
ATAPI
Alcatel Telephony API
Audiocode
Analog fax interface over IP, using the H.323 protocol suite.
Configurable value giving the lower bound of the range of port used on the LAN to
BASE_PORT
carry voice conversations. The range width is 256 ports.
Contact Center Distribution: calls distribution to agents or other resources
CCD
CMIP
Common Management Information Protocol
CMIS
Common Management Information System
CS
Communication Server
CSTA
Computer Supported Telephony Applications
Assigns IP addresses on a subnet + gives other subnet configuration information and
DHCP server
TFTP server address
MediaGateway applicative
GA
GD
MediaGateway driver
High Speed Link used between a GD and additionnal Aliz chassis.
HSL
INTerconnecting on IP network: Internode or H323 gateway and IP devices
INTIP-A
INTIP-B
INTerconnecting on IP network :only IP devices
IP link
Alcatel proprietary protocol used to control a Media Gateway. Also called UA when
targeting a phone set (IP phone or IP touch).
Synthesis of IP flows in OmniPCX Enterprise solution
Some WindowsPC
3/38
Term
IP phone
IP touch
IPP
LDAP server
LIOE
MAO
MG
MIB browser
Meaning
V1 (4098RE), V1S (4098FRE), V2 (embedded box) models
Also called NOE phone. IP phone sets have references: 4018, 4028, 4038, 4068
Abreviation for IP phone
Any LDAP server containing Phonebook information.
Link Optimizer board Ethernet: Inter-nodal and H.323 gateway
OXE central configuration database.
Media Gateway.
SNMP manager collecting information from the various network elements using the
SNMP protocol to browse the elements' internal databases (MIBs).
MIPT
MOXA box
MSM
NMD
NOE
NOE IP
NTP server
OAW
OTS
OTUC
PC admin
PC support
PRS
RADIUS
rGD
STAP
SSM
SVP
Sheet:Glossary
Function usually assumed by
A Windows PC
An administrator PC or workstation
A Windows PC
4/38
Term
Syslog
TFTP server
Trap supervisor
Trusted router
Meaning
A Linux framework enabling application to add entries to an event journal with
indication of the emitting facility indication, severity level, system name, date and time,
and free format text. The framework offers a rich dispatch mechanism, even allowing
records to be offloaded to a remote system.
Download boot image voice guides, phone configuration information, binaries
download (VoIP boards/setc), etc
System receiving the various events sent by all the network elements connected to the
customer's network.
UA phone set
UPS
TSCLIOE
UA
Sheet:Glossary
Function usually assumed by
The Call Server
5/38
Sheet:Headers
Column headers
The meaning of the various column headers used in the product tabs (CS, 4645, UA phones, ...) is given here.
Not all headers are present in every tab.
Header name
Purpose
Plane
Protocol
Initiator
Source port
Responder
Service port
Condition of activation
Admission control
OXE version
OTUC version
Meaning
Example
427/tcp, Dyn_Voice/udp
NOE, GD
23/tcp, 12345/udp
login/password, cookie
For more
information see
tab
Services
Planes
Services
Port ranges
6/38
Header name
Confidentiality
Integrity
Notes
Meaning
Example
Sheet:Headers
For more
information see
tab
7/38
Sheet:Services
Services
Important:
The list below includes all IP services known to be used by Alcatel past and future products.
In no way this list implies that those ports shall be opened for the CSBU solution to deliver its expected service.
Name
Port
Standard
N/A
RFC 777
FTP data
20/tcp
RFC 959
FTP control
SSH
21/tcp
22/tcp
RFC 959
pending RFC
(WG=secsh)
telnet
23/tcp
RFC 854
SMTP
Domain Name Server (DNS)
Bootps/DHCP Client
25/tcp
53/udp
67/udp
RFC 2821
RFC 1034
RFC 2131
Bootpc/DHCP Server
TFTP
68/udp
69/udp
RFC 2131
RFC 1350
HTTP
80/tcp
ICMP
NTP
IMAP
SNMP trap
123/udp
143/tcp
162/udp
RFC 1945,
2068, 2616
RFC 1305
RFC 3501
RFC 1157
LDAP
HTTPS
shell
syslog
RIP
moxatty
389/tcp
443/tcp
514/tcp
514/udp
520/udp
1028/udp
RFC 2251
RFC 2818
RFC 1282
RFC 3164
RFC 2453
prop. NAOS
Condition of
version?
Description
Only ping function is used by the voice applications: IPMP echo request and ICMP
echo reply. The IP stack may use other ICMP services as well (example: path MTU
discovery).
Only data is sent or received through this port. In FTP active mode the FTP server
opens the data connection towards the FTP client using this as the source port. In
passive mode the FTP client opens the FTP data connection towards the FTP
server using this port as the service port.
FTP standard service port. Used by client to establish the control connection.
Provides a robust, proven and extensible solution for secure connections
Used for remote connection for maintenance purpose and for management tool
(4760)
Alarms towards 4760 (no listening on)
Only used by SIP devices in case of spatial redundancy
Dynamic IP address management request to PC installer for CPU installation (no
listening on)
DHCP server for IP-Phones, GD, GA, INT-IP B boards, PCs,.
TFTP server used for binaries downloading for IP-Phones, GD, GA, INT-IP B
boards; for voice guides downloading to GD, GA boards
Browser for 4760i
Synchronization of Ccview clients (ACD V2) and Call Server
Internet Message Access Protocol
Call Server incidents (SNMP traps) notification to a Network Management Platform
LDAP client access in case of phonebook overflow
Secured Web Server by SSL protocol
Remote Shell for command execution
>=R6.2
Routing Information Protocol
Nport product from MOXA company to have multiple V24 accesses
8/38
Name
Port
Standard
1718/udp
1719/udp
1720/udp
1720/tcp
1812/udp
1961/tcp
9090/tcp
ITU-T H.323
ITU-T H.323
ITU-T H.323
ITU-T H.323
RFC 2865
prop. ALA
ITU-T H.323
2048/udp
10000/udp
dynamic port
2533/tcp
prop. ALA
prop. ALA
prop. ALA
Network access for Alcatel configuration applications based on ACAPI v1.x (CMISD,
ABC-A and TSE applications) and sending of Accounting tickets over IP
PAD X.25
BTlink
BTlink
netaccess
pad (packet
assembly/disassembly)
cmisd
saverest
2534/tcp
ITU-T X.29
2535/tcp
2536/tcp
ITU-T CMIP?
prop. ALA
acd
2538/tcp
prop. ALA
builddistant
loaddistant
auditres1
auditres2
acdccs
acdpcag
suprout
alb
rtest
rcsta
2539/tcp
2540/tcp
2541/tcp
2542/tcp
2543/tcp
2544/tcp
2545/tcp
2546/tcp
2554/tcp
2555/tcp
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
STAP, hybrid-vpn
notif-gsm
redundancy
2556/udp
2557/udp
2558/tcp
prop. ALA
prop. ALA
prop. ALA
Condition of
version?
Sheet:Services
Description
>=R7.0
H.323 Internal Gatekeeper. Closed by default after F1.602.3m
H.323 Internal Gatekeeper
9/38
Name
Port
Standard
rsl
rlis
ahltcp
dhcdupli
dhcdupli_m
dhcdupli_s
servobs
servobs_c
dhcdupli_c
tftpd_dow
netadmin
2559/udp
2560/tcp
2561/tcp
2562/tcp
2563/udp
2564/udp
2565/tcp
2566/tcp
2567/udp
2568/udp
2569/tcp
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
?
prop. ALA
prslink
nut
2570/udp
3305/udp
3305/tcp
3493/udp
3493/tcp
3595/tcp
prop. ALA
prop. NUT
>=R6.0
<R6.2
prop. NUT
>=R6.2
RFC 3804
RFC 3501
prop. ALA
RFC 3261
securid
4020/tcp
4021/tcp
4033/tcp
4560/udp
5060/udp
5060/tcp
5500/udp
prop. RSA
securidprop
5510/tcp
prop. RSA
sdlog
5520/tcp
prop. RSA
sdserv
5530/tcp
prop. RSA
nmccs
SIP gateway (Alcatel)
5540/tcp
6060/udp
prop. ALA
RFC 3261
incid2trap
12300/udp
13200/udp
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
NMD supervision (4760i)
SIP gateway service port when the SIP proxy is active on CS (SIP gateway is
available on port 5060 when SIP proxy is not active).
Call Server incidents: resynchronization port for Network Management Platform
nut
ATAPI
VPIM
VIMAP
H.323 monitoring (Alcatel)
SIP proxy
Condition of
version?
Sheet:Services
prop. ALA
Description
Alcatel Telephony API used by CTI applications to drive the Call Server for example
to dial outgoing phone calls.
Voice Profile for Internet Mail
<=R5.1
>=R5.1.1
10/38
Name
alzbootps
alzbootpc
RTP/RTCP
Port
Standard
23400/udp
23401/udp
3200032255/udp
RFC 2131
RFC 3550
Condition of
version?
UA
Dyn_Voice/udp
32128/udp
<R5.1
>=R5.1
prop. ALA
32640/udp
UA lite
32641/udp
<R5.1
>=R5.1
prop. ALA
Description
Non standard ports used by OmniPCX Office (OXO) to implement the DHCP service
Dyn_Voice/udp
3251232767/udp
Sheet:Services
>=R6.2
Standard RTP protocol used to carry voice over IP. Ports from this range are used
by installations made while releases prior to R5.1 where current or by installations
having migrated from those older releases .
The range width is not configurable. The range base port number is configurable
through MAO.
Standard RTP protocol used to carry voice over IP. Ports from this range are used
by every new installations since R5.1.
The range width is not configurable. The range base port number is configurable
through MAO.
Alcatel proprietary signalling protocol, used on this port by installations having
migrated from releases older than R5.1
Alcatel proprietary signalling protocol, used on this port by every new installation
since R5.1
Only the START_RTP and START_FAX messages from the Alcatel proprietary
signalling protocol are sent in this protocol: i.e. no Dlink is maintained.
11/38
Planes
IP flows can be grouped by the broad purpose they fullfil. One possible grouping is into groups called 'planes'. One
group -or plane- is used to identify flows carrying data directly useful to the user (e.g. voice), another group carries for
example information required to establish the flows seen by the user (e.g. signalling).
The following 4 planes are identified in the OmniPCX for Enterprise solution:
Plane name
user
Plane description
This plane contains all the flows directly useful to the end user, other flows that may look like user
flaows whose content is like email exchanges or file transfert belong to the user plane only if
resulting directly from a user request.
Example of a flow belonging to this plane is: voice (RTP) flows for the OXE.
Example of a flow that do not belong to this plane but to the control plane is: email exchanges
between two voice mail systems to synchronize the states of the various user voice mailboxes.
control
management
support
all IP flows used to enable transport of information in the user plane belong to this plane. This is
phone signalling, but also the FTP data transfer when used to synchronize for instance the
configuration between 2 cooperating systems.
Flows in this plane are mandatory to go through a firewall unless condition of activation proves
that they are not used in a given deployment.
In this plane we find all flows used to manage the system, for example to configure, establish
statistics, perform user billing.
Flows between the Call Server and the 4760 server fall mostly into this plane.
All IP flows occuring in this plane are not needed for the day to day operation of the system (all
the 3 planes above are mandatory). Flows in this plane appear on a network for example during
maintenance operation (e.g. system software upgrade) or support operation (e.g. when
debugging voice quality problems).
Sheet:Planes
12/38
Sheet:Port ranges
Port range
name
Dyn_CS
Dyn_MG
4999
ou
44999
10000
20000
10000
10499
GD
GA
INT_IP boards
Linux
1024
4999
32512
32767
IPphone
IPtouch
SSM, MSM
?
VxWorks
?
2048
1024
?
65535
65535
?
VoWLAN solution
1024
65535
Dyn_Win
Microsoft Windows
1024
4999
Dyn_Lnx
Linux (OTUC
servers)
?
GD
INT_IP A
Linux RH 7.3
32768
60999
?
21000/tcp
?
21999/tcp
Dyn_?
Dyn_H225_CLT
Notes
13/38
Port range
usage
H.323
connections
Port range
name
GD
GA
INT-IP A
INT-IP B
46x5
25999/tcp
31000/tcp
31059/tcp
7918/tcp
7953/tcp
32000/udp
32512/udp
32255/udp
32767/udp
Sheet:Port ranges
Notes
Voice
connections
Dyn_MS
Dyn_Audiocode
OTUC Media
Server
Audiocode
12000/udp
4000/udp
12079/udp
4072/udp
14/38
Sheet:CS
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
control
ICMP
router
N/A
CS
N/A
support
FTP
CS
Dyn_CS/tcp
CS
21/tcp
control
SHELL
CS
Dyn_CS/tcp
CS
514/tcp
control
SSH
CS
Dyn_CS/tcp
CS
22/tcp
Dynamic IP configuration
control
DHCP
68/udp
CS
67/udp
control
TFTP
GD, GA
INT_IP B
IPP, NOE
VoWLAN
GD, GA
INT_IP A, B
IPP
NOE
Configure in
netadmin since
R5.1
If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
Always on
Dyn_MG/udp
Dyn_INT_IP/udp
69/udp
Dyn_NOE/udp
CS
69/udp
Always on
TCP
wrappers
Web server
control
HTTP
4645
Dyn_?/tcp
CS
80/tcp
If CS not in
securized
mode.
none
control
HTTPS
4645
Dyn_?/tcp
CS
443/tcp
If CS in
securized
mode.
none
control
NTP
123/udp
2048
CS
NTP server
CCD
Trap supervisor
123/udp
SNMP
CS
NTP server
CCD
MIB browser
161/udp
SNMP
CS
1024
Trap supervisor
162/udp
?/udp
CS
12300/udp
>=R5.1.1
?/udp
CS
13200/udp
<=R5.1
SYSLOG
CS
Dyn_CS/udp
Syslog server
514/udp
RIP
CS
trusted router
CS
Dyn_CS/udp
Dyn_?/udp
Dyn_CS/udp
CS
520/udp
RADIUS server
1812/udp
Purpose
managem
ent
managem
SNMP traps
ent
TEL incidents translated managem
into SNMP traps
ent
managem
ent
Syslog journaling system control
control
RADIUS
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Configure in
netadmin
Notes
ICMP redirect
TCP
wrappers
password for
mtcl
TCP
wrappers
TCP
wrappers
>=R6.0
none
>=R6.1
yes
community
string
Configure in
netadmin
>=R6.2
none
By
configuration
>=R7.0
no
15/38
Purpose
Plane
Protocol
Client
Initiator
Sheet:CS
Source port
Server
Responder
Service Port
managem
Network access server for
ent
applications (CMIS, accounting tickets
on the fly)
PBX configuration
control
AOML
Remote application
(ABC-A,TSE,OTS)
Dyn_?/tcp
CS
2533/tcp
CMIP
OTS
Dyn_?/tcp
CS
2535/tcp
Remote test
support
Rtest
Remote application
Dyn_?/tcp
CS
2554/tcp
Audit of CS configuration
control
Builddistant
CCD
Dyn_Win/tcp
CS
2539/tcp
control
Loaddistant
CCD
Dyn_Win/tcp
CS
2540/tcp
control
RSL
another CS
Dyn_CS/udp
CS
2559/udp
managem
ent
control
RLIS
Remote application
Dyn_?/tcp
CS
2560/tcp
prop. ALA
Remote application
Dyn_?/tcp
CS
2561/tcp
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
none
in a network of PBXs
By
configuration
By
configuration
AHL link over IP for Hotel/Hospital with
external management
Remote application
2566/tcp
CS
2565/tcp
prop. ALA
Remote application
Dyn_?/udp
CS
9743/udp
control
control
control
control
NUT
NUT
NUT
NUT
UPS device
UPS device
UPS device
UPS device
Dyn_?/tcp
Dyn_?/udp
Dyn_?/tcp
Dyn_?/udp
CS
CS
CS
CS
3305/tcp
3305/udp
3493/tcp
3493/udp
control
Dyn_CS/udp
Dyn_?/udp
Dyn_CS/tcp
2556/udp
control
CS
Softphone
CS
CS
Redundancy
STAP
hybrid-vpn
prop. ALA
CS
2558/tcp
dhcdupli
control
prop. ALA
CS
Dyn_CS/udp
CS
2562/udp
control
prop. ALA
CS
Dyn_CS/udp
CS
2563/udp
control
prop. ALA
CS
Dyn_CS/udp
CS
2564/udp
control
prop. ALA
CS
Dyn_CS/udp
CS
2567/udp
control
UA
CS
BP+128/udp
GD
BP+130/udp
survivability
mode only
support
ASCII
CS
Dyn_CS/udp
GD
BP+130/udp
Activation in
MAO
control
UA
CS, INT_IP A
BP+128/udp
BP+128/udp
control
UA
CS, INT_IP A
BP+128/udp
GD
INT_IP B
IPP, NOE
Signaling link
BP/udp
no
By
configuration
prop. ALA
managem
ent
support
DECT observation
Notes
<R6.2
<R6.2
>=R6.2
>=R6.2
no
no
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
A remote GD lost its signaling link to
CS and opened a PSTN connection to
its rescuing GD.
Remote maintenance access through
PSTN
16/38
Sheet:CS
Plane
Protocol
Client
Initiator
control
X.29
CS
Dyn_CS/tcp
CS
2534/tcp
control
Suprout
CCD
Dyn_Win/tcp
CS
2545/tcp
Discovery
control
H225 RAS
GD, GA
INT_IP A
H323 end_point
CS
1718/udp
none
control
H225 RAS
GD, GA
INT_IP A
H323 end_point
CS
1719/udp
none
Call setup
control
H225 Q.931
GD, GA
INT_IP A
H323 end_point
CS
1720/udp
none
control
RAS
GD, GA
INT_IP A
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/tcp
Dyn_MG/tcp
Dyn_MG/tcp
CS
9090/tcp
none
control
DNS
SIP end-point
Dyn_?
CS
53/udp
SIP proxy
control
SIP
SIP end-point
Dyn_?/tcp
CS
5060 (*)/tcp
Sip gateway
control
control
SIP
SIP
SIP end-point
SIP proxy
Dyn_?/udp
Dyn_?/tcp
CS
CS
5060 (*)/udp
6060 (*)/tcp
control
SIP
SIP proxy
Dyn_?/udp
CS
6060 (*)/udp
Purpose
Source port
Server
Responder
Service Port
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Notes
X.25
If PBX belongs
to a X.25
network of
PBXs
Always on
SIP
Configured in
MAO
When SIP
proxy is
activated
none
>=R6.1
<R7.0
<R6.0
17/38
Purpose
Sheet:CS
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
control
SMTP
OTUC server
Dyn_?/tcp
4645
25/tcp
eVA configured
control
SMTP
?/tcp
4645
587/tcp
eVA configured
control
IMAP
143/tcp
eVA configured
IMAPS
Dyn_?/tcp
Dyn_CS/tcp
Dyn_?/tcp
4645
control
OTUC server
4645
OTUC server
4645
993/tcp
eVA configured
+ unknown
configuration
control
VIMAP
OTUC server
Dyn_?/tcp
4645
4033/tcp
eVA configured
control
HTTP
OTUC server
Dyn_?/tcp
4645
80/tcp
control
HTTPS
OTUC server
Dyn_?/tcp
4645
443/tcp
control
UA
CS
BP+128/udp
4645
BP+128/udp
If CS not in
securized mode
+ eVA
configured
If CS in
securized
mode + eVA
configured
eVA configured
control
UA
CS
BP+128/udp
4645
BP+132/udp
eVA configured
user
RTP/RTCP
4645
Dyn_Voice/udp
IPP, NOE
GD, GA
INT_IP A+B
BP+2,3/udp
eVA configured
Dyn_Voice/udp
Dyn_Voice/udp
user
RTP/RTCP
IPP, NOE
GD, GA
INT_IP A+B
4645
BP+2,3/udp
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_?/tcp
4645
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Notes
4645 (eVA)
Mail Transfer
IMAP server
Signalling (abca)
Voice channel
VPIM
control
4645
4020 (*)/tcp
4021 (*)/tcp
eVA configured
OTUC myMessaging
?
idem
OTUC myMessaging
>=R6.1
yes
OTUC myMessaging
18/38
Purpose
Plane
Protocol
Client
Initiator
Sheet:CS
Source port
Server
Responder
Service Port
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Notes
control
ACD
CCD
Dyn_Win/tcp
CS
2538/tcp
Always on
control
ACDCCS
CCD
Dyn_Win/tcp
CS
2543/tcp
Always on
ACD PC agent
ACD Agent List Builder
Remote CSTA
control
control
control
ACDpcag
Alb
Rcsta
CCD
CCD
CCD
OTS
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_?
CS
CS
CS
2544/tcp
2546/tcp
2555/tcp
Always on
Voice
encryption
Voice
encryption
password
control
TFTP
SSM, MSM
Dyn_xSM/udp
CS
69/udp
control
BTlink
CS
Dyn_CS/tcp
SSM
11000 (*)/tcp
Key exchange
control
CS
2048 (*)/udp
SSM
2049 (*)/udp
control
SSM, MSM
2048 (*)/udp
CS
2048 (*)/udp
control
UA lite
CS
Dyn_CS/udp
SSM
2049 (*)/udp
control
UA lite
CS
Dyn_CS/udp
SSM
2050 (*)/udp
Remote connection
support
TELNET
CS
Dyn_CS/tcp
SSM
23/tcp
control
Saverest
PC admin
Dyn_Win/tcp
CS
2536/tcp
Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption
TCP
wrappers
>=R6.2
>=R6.2
>=R6.2
>=R6.2
>=R6.2
>=R6.2
>=R6.2
Only from CS
4740 only
19/38
Source port
Service Port
4760 server
N/A
CS
N/A
FTP
4760 server
Dyn_Win/tcp
CS
21/tcp
If CS not in
securized
mode.
TCP
wrappers
TELNET
4760 server
Dyn_Win/tcp
CS
23/tcp
TCP
wrappers
SSH
4760 server
Dyn_Win/tcp
CS
22/tcp
If CS not in
securized
mode.
If CS in
securized
mode.
SMTP
4760 server
Dyn_Win/tcp
Mail server
25/tcp
no
HTTP
Web browser
Dyn_?/tcp
4760 server
80 (*)/tcp
no
SNMP
MIB browser
Dyn_?/udp
4760 server
161/udp
SNMP
4760 server
162/udp
Trap supervisor
162/udp
LDAP
LDAP replication
Dyn_Win/tcp
4760 server
389/tcp
if IPSEC not
configured
LDAP
CS
Dyn_CS/tcp
4760 server
389/tcp
Configure
LDAP overflow
server in MAO
anonymous
access
CMIP
4760 server
Dyn_Win/tcp
CS
2535/tcp
yes
STAP
4760 server
Dyn_Win/udp
CS
2556/udp
if IPSEC not
configured
if IPSEC not
configured
Plane
Protocol
ICMP
Sheet:CS
Server
Responder
Purpose
Client
Initiator
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Notes
control
no
login/pwd
no
login/pwd
no
password for
mtcl
yes
4760 <=
R3.1
TCP
wrappers
OXE>=6.0
4760>=4.0
no
IPsec shall be enabled only if LDAP
replication server do support IPsec.
Port can be configured in 4760 server
no
no
20/38
Protocol
Client
Initiator
CMIP
Sheet:CS
Source port
Server
Responder
Service Port
4760 server
Dyn_Win/tcp
4760 server
30001/tcp
HTTP
4760 server
Dyn_Win/tcp
4760 server
30010 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30013 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30020 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30026 (*)/tcp
HTTP
4760 client
Dyn_Win/tcp
4760 server
80 (*)/tcp
Kerberos
4760 client
88/udp
4760 server
88/udp
if IPSEC
configured
LDAP
4760 client
Dyn_Win/tcp
4760 server
389/tcp
if IPSEC not
configured
IKE
4760 client
Dyn_Win/tcp
4760 server
500/udp
if IPSEC
configured
ESP
4760 client
N/A
4760 server
N/A
TDS
4760 client
Dyn_Win/tcp
4760 server
30011 (*)/tcp
GIOP
4760 client
Dyn_Win/tcp
4760 server
SSH
4760 client
Dyn_Win/tcp
4760 server
30012 (*)/tcp,
30014 (*)/tcp
30019 (*)/tcp,
30022 (*)/tcp
30025 (*)/tcp
30028 (*)/tcp
if IPSEC
configured
if IPSEC not
configured
if IPSEC not
configured
TELNET
4760 client
Dyn_Win/tcp
4760 server
GIOP
4760 server
Dyn_Win/tcp
4760 client
Purpose
Plane
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
IPsec
login/pwd
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
Notes
Not configurable (difference with other
4760 server service ports in the 300xx
range).
IPsec
IPsec
IPsec
IPsec
support
30100 (*)/tcp
30149 (*)/tcp
30500 (*)/tcp
30509 (*)/tcp
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
yes
yes
4760 >=
R3.0
anonymous
+
login/pwd
IPsec
4760 >=
R3.0
yes
yes
4760 >=
R3.0
yes
yes
login/pwd
IPsec
no
IPsec
IPsec and
SSH
IPsec
IPsec
21/38
Purpose
Plane
Protocol
Client
Initiator
FTP
Sheet:CS
Source port
Server
Responder
Service Port
4760i
Dyn_?
CS
21/tcp
TELNET
4760i
Dyn_?
CS
23/tcp
SSH
4760i
Dyn_?
CS
22/tcp
HTTP
4760i
Dyn_?/tcp
CS
80/tcp
HTTPS
4760i
Dyn_?/tcp
CS
443/tcp
GIOP
4760i
Dyn_?/tcp
CS
5540/tcp
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Notes
4760i (eConfig)
File transfer: MAO data during managem
save/restore operations
ent
Remote connection managem
ent
Remote connection and file transfert managem
(MAO data during save/restore
ent
operations)
Applet download managem
ent
If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.
TCP
wrappers
password for
mtcl
TCP
wrappers
password for
mtcl
If CS in
securized
mode.
none
TCP
wrappers
>=R6.0
none
password for
mtcl
none
>=R6.1
none
yes
yes
no
CORBA access
password for
mtcl
no
login/pwd
yes
yes
no
ACAPI 2.x
File transfer: MIB
managem
ent
FTP
ACAPI 2.x
Dyn_Win/tcp
CS
21/tcp
managem
ent
SSH
ACAPI 2.x
Dyn_Win/tcp
CS
22/tcp
PBX configuration
managem
ent
CMIP
ACAPI 2.x
Dyn_Win/tcp
CS
2535/tcp
Remote maintenance
support
TELNET
PC support
Dyn_?/tcp
CS
23/tcp
Maintenance access
support
SSH
PC support
Dyn_?/tcp
CS
22/tcp
Webtools
support
HTTP
PC support
Dyn_?/tcp
CS
80/tcp
Webtools
support
HTTPS
PC support
Dyn_?/tcp
CS
443/tcp
If CS not in
securized
mode.
If CS in
securized
mode.
TCP
wrappers
TCP
wrappers
>=R6.0
Support PC
(*)
If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
TCP
wrappers
TCP
wrappers
>=R6.0
none
none
yes
yes
22/38
Sheet:MG
Protocol
Client
Initiator
Source port
control
ICMP
router
N/A
Autodiagnostic
support
ICMP
INT_IP A+B
N/A
Diagnosis of white
communications
support
ICMP
GD, GA
manage
ment
control
SNMP
DHCP
control
TFTP
control
TFTP
Purpose
Dynamic IP configuration
GD configuration and software
upgrade (file download: binaries
(binmg)+config (lanpbx.cfg,
startmgd)+voice guides
UA phone sets initialization
downloads lanpbx.cfg, starttscip,
startnoe,
Server
Responder
Service port
Condition
of
Activation
Admission
control?
Notes
GD, GA
INT_IP B
router
CS
N/A
ICMP redirect
N/A
N/A
CS
GD,GA
INT_IP A+B
N/A
MIB browser
Dyn_?/udp
GD, GA
161/udp
GD
INT_IP B
GD, GA
INT_IP A+B
68/udp
DHCP server
67/udp
Dyn_MG/udp
Dyn_INT_IP/udp
CS
69/udp
69/udp
Dyn_NOE/udp
GD
69/udp
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
community
string
Request sent in broadcast (as
per RFC)
Survivability
mode only
23/38
Sheet:MG
Protocol
Client
Initiator
Source port
Server
Responder
Service port
UA
UA
CS, INT_IP A
GD
BP+128/udp
BP+128/udp
GD, INT_IP B
GA
BP+128/udp
BP+128/udp
Survivability against CS
connectivity loss
Rescuing side control
UA
CS
BP+128/udp
GD
BP+130/udp
Survivability
mode only
UA
GD
INT_IP A+B
BP+128/udp
IPP, NOE
Softphone
BP/udp
Survivability
mode only
Rescued side
Encryption support
Voice commands control
UA lite
BP+130/udp
MSM
2049 (*)/udp
UA lite
GD, GA
INT_IP A+B
GD, GA
INT_IP A+B
BP+131/udp
MSM
2050 (*)/udp
Voice
encryption
Voice
encryption
Purpose
Plane
Condition
of
Activation
Admission
control?
Notes
Proprietary signaling
24/38
Purpose
Plane
Client
Initiator
Protocol
Source port
Sheet:MG
Server
Responder
Service port
Condition
of
Activation
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
Admission
control?
Notes
H.323 RAS
Dyn_?/udp
GD, GA
INT_IP A
1718/udp
Dyn_?/udp
GD, GA
INT_IP A
1719/udp
Dyn_?/udp
INT_IP A
1720/udp
GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A
Dyn_H225_CLT/tcp
GD, GA
INT_IP A
H.323 extern gw
1720/tcp
?/tcp
GD
Dyn_H225_CLT/tcp
Dyn_?/tcp
GD, GA
INT_IP A
1961/tcp
Dyn_H245_CLT/tcp
Dyn_?/tcp
Dyn_?/tcp
?/tcp
GD, INT_IP A
Dyn_H245_SRV/tcp
GA
Dyn_H245_GA/tcp
Dyn_?/tcp
GD
4560/tcp
GD, GA
INT_IP A
H.323 end_point
GD, GA
INT_IP A
H.323 end_point
H.323 end_point
GD, INT_IP A
H.323 extern gw
H.323 end_point
?
No more needed?
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
25/38
Purpose
Client
Initiator
Plane
Protocol
Source port
user
RTP/RTCP
GD, GA
INT_IP A+B
Dyn_Voice/udp
user
RTP/RTCP
IPP, NOE
Softphone
user
T.38
user
T.38
Sheet:MG
Server
Responder
Admission
control?
Notes
Service port
Condition
of
Activation
IPP, NOE
Softphone
BP+2,3/udp
START_RTP
in signaling
BP+2,3/udp
GD, GA
INT_IP A+B
Dyn_Voice/udp
START_RTP
in signaling
GD, GA
INT_IP A+B
Dyn_Voice/udp
Fax
?/udp
START_FAX
in signaling
Fax
?/udp
GD, GA
INT_IP A+B
Dyn_Voice/udp
START_FAX
in signaling
Fax over IP
26/38
Protocol
Client
Initiator
Source port
TELNET
CS
Dyn_CS/tcp
support
Maintenance file transfer support
support
TELNET
TFTP
FTP
GD, GA
PC support
GD, GA
ASCII
CS
Purpose
Plane
Sheet:MG
Server
Responder
Service port
Condition
of
Activation
Admission
control?
GD, GA
INT_IP A+B
23/tcp
always on
Incoming
connection
request
allowed only
from Call
Server
Dyn_MG/tcp
Dyn_?/udp
Dyn_MG/tcp
PC support
INT_IP A+B
PC support
23/tcp
69/udp
21/tcp
always on
Dyn_CS/udp
GD
BP+130/udp
Notes
Activation in
MAO
27/38
Sheet:Auxiliaries
Source port
Server
Responder
?
?
?
GD, GA
INT_IP A+B
?/tcp
?/udp
Dyn_?/tcp
Dyn_Voice/udp
Audiocode
Audiocode
Audiocode
Audiocode
1720/tcp
1719/udp
Dyn_?/tcp
Dyn_Audiocode/u
dp
RTP/RTCP
Audiocode
PC admin
GD, GA
INT_IP A+B
Audiocode
Dyn_Voice/udp
HTTP
Dyn_Audiocode/u
dp
Dyn_?/tcp
80/tcp
Optional
Syslog
2048
Audiocode
514/udp
Optional
SNMP
1024
Audiocode
160,161/udp
Optional
TELNET
PC support
Dyn_?/tcp
MOXA
23/tcp
CS
Dyn_CS/tcp
MOXA
4000/tcp
CS
Dyn_CS/tcp
MOXA
[950,965]/tcp
control
CS
Dyn_CS/tcp
MOXA
[966, 981]/tcp
manageme
nt
Dyn_?/udp
MOXA
1028/udp
Plane
Protocol
control
control
control
user
H.225
H.323
H.245
RTP/RTCP
user
manageme
nt
manageme
nt
manageme
nt
Client
Initiator
Service port
Condition Admission
control?
of
Activation
OXE
version
Notes
Web
Syslog
SNMP
Mandatory
Optional
Mandatory
Direction of first packet
cannot be predetermined:
both directions shall be
enabled
Command port
Broacast monitor real com installer
manageme
nt
manageme
nt
user
28/38
Sheet:Auxiliaries
Plane
Protocol
Client
Initiator
Signaling link
Client API on WIndows system
control
control
UA
HTTP
CS
PC appli
BP+128/udp
Dyn_Win/tcp
PRS
PRS
2570/udp
8080/tcp
control
HTTP
PC appli
Dyn_Lnx/tcp
PRS
manageme
nt
support
user
HTTP
PC admin
Dyn_?/tcp
PRS
8080/tcp
8083/tcp
2010/tcp
?
HTTP
PC admin
NOE
Dyn_?/tcp
Dyn_NOE
PRS
PRS or
API servers
2009/tcp
80/tcp
support
FTP
PC support
Dyn_Win/tcp
CS
21/tcp
support
SSH
PC support
Dyn_Win/tcp
CS
22/tcp
support
FTP
CS
Dyn_CS/tcp
PC Installer
21/tcp
DHCP client
support
DHCP
CS
68/udp
PC Installer
67/udp
TFTP client
support
TFTP
CS
Dyn_CS/udp
PC Installer
69/udp
Purpose
Source port
Server
Responder
Service port
Condition Admission
control?
of
Activation
OXE
version
Notes
Web-based management
PRS monitoring
NOE applications
NOE >= v3
If CS not in
securized
mode.
If CS in
securized
mode
mtcl pwd
mtcl pwd
>=R6.0
PC Installer
29/38
Sheet:UA terminals
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service port
control
ICMP
IPP
N/A
router
N/A
control
ICMP
NOE
N/A
router
N/A
control
ICMP
router
N/A
N/A
manage
ment
control
SNMP
MIB browser
Dyn_?/udp
IPP, NOE,
MIPT
IPP
161/udp
DHCP
68/udp
DHCP server
67/udp
control
TFTP
IPP, NOE,
MIPT
IPP
NOE, MIPT
Softphone
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
TFTP server
69/udp
control
LDAP
Softphone
Dyn_Win/tcp
LDAP server
389/tcp
UA
CS, INT_IP A
BP+128/udp
BP/udp
control
control
STAP
UA
CS, INT_IP A
GD
INT_IP A+B
2556/udp
BP+128/udp
IPP, NOE,
MIPT
Softphone
IPP, NOE,
MIPT
control
Encryption of voice and signaling control
ATAPI
IKE
Softphone
SSM
Dyn_Win/tcp
Dyn_?/udp
OTS
NOE
3595/tcp
500/udp
ESP
SSM
N/A
NOE
N/A
Dynamic IP configuration
Phone configuration and software
upgrade (file download:
binaries+config information
Download lanpbx.cfg, starttscip,
startnoe)
Phone directory
Condition of
Activation
Admission
control?
Version?
Notes
If dynamic
configuration
Proprietary signaling
Signaling link control
control
BP/udp
BP/udp
When in survivability
mode
When in encrypted
mode
When in encrypted
mode
OXE >=
R6.2
OXE >=
R6.2
30/38
Purpose
Client
Initiator
Source port
Server
Responder
Sheet:UA terminals
Plane
Protocol
Service port
user
RTP/RTCP
or
SRTP/SRTCP
GD, GA
INT_ IP A+B
Dyn_Voice/udp
IPP, NOE,
MIPT,
Softphone
BP+2,3/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
GD, GA
INT_ IP A+B
Dyn_Voice/udp
user
RTP/RTCP
Softphone
Dyn_Win/udp
GD, GA
INT_ IP A+B
Dyn_Voice/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
IPP, NOE,
MIPT,
Softphone
BP+2,3/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
IPP, NOE,
MIPT
BP+2,3/udp
user
RTP/RTCP
Softphone
Dyn_Win/udp
IPP, NOE,
MIPT
BP+2,3/udp
user
HTTP
NOE
Dyn_NOE
PRS
API servers
80/tcp
Condition of
Activation
Admission
control?
Version?
Notes
with gateways
Voice channel
Voice quality control
between UA phones
Applications
NOE applications
support
TELNET
PC support
Dyn_?/tcp
IPP
23/tcp
always on
support
TELNET
PC support
Dyn_?/tcp
NOE
23/tcp
SET_PARAM UA
message with telnetd
timeout
Incoming
connection
request
allowed only
from Call
Server
none
31/38
Sheet:OTUC
Plane
Protocol
control
control
control
control
user
ATAPI
LDAP
TFTP
STAP
RTP/RTCP
Client
Initiator
Source port
Server
Responder
Service Port
OTS
LDAP server
TFTP server
Client
Softphone
3595/tcp (*)
389/tcp
69/udp
BP/udp
BP+2,3/udp
OTUC
Authentication Confidentiality Integrity
version?
Notes
myPhone
Proprietary signaling
Voice
Client
Dyn_Win/tcp
Client
Dyn_Win/tcp
Client
Dyn_Win/udp
CS
2556/udp
GD, GA, 46x5 Dyn_Voice/udp
INT_IP A+B Dyn_Voice/udp
Dyn_MS/udp
Media Server
BP+2,3/udp
IPP, NOE
YES
NO
NO
?
NO
NO
NO
NO
NO
NO
user
RTP/RTCP
Softphone
Dyn_Win/udp
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2,3/udp
NO
control
control
CSTA
CMISD
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
CS
CS
2555/tcp
2535/tcp
YES
YES
control
HTTP
Client
Dyn_Win/tcp
Service Infra
8080/tcp
YES
YES (HTTPS)
control
control
control
control
control
SOAP/HTTP
IMAP4
FlexLM
MAPI
IMAP4
Client
Client
Client
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win
Dyn_Win/tcp
Dyn_Win/tcp
8083/tcp
143/tcp (993/tcp)
27000
?/tcp
143/tcp (993/tcp)
?
YES
?
YES if IMAP4s
YES
YES
YES if IMAP4s
control
control
control
control
HTTP
SOAP/HTTP
NAPI
IMAP4
Client
Client
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp
control
control
HTTP
SOAP/HTTP
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Service Infra
46x5
Service Infra
Exchange
46x5
IMAP4 Server
Service Infra
Service Infra
Domino
46x5
IMAP4 Server
Service Infra
Service Infra
Email server
Store Voice Message
IMAP4 server access
control
control
SMTP
IMAP4
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
Email server
Email server
25/tcp
143/tcp
control
control
control
control
HTTP
HTTP
HTTP
HTTP
Service Infra
Service Infra
Service Infra
Email server
Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp
Email server
Email server
Email server
Service Infra
8000/tcp
8001/tcp
8002/tcp
8082/tcp
Service Infrastructure
CS interfacing
Mngt Interfacing
NO
OTS server
OTS server
myMessaging
Web client
Outlook Client
Lotus Client
8080/tcp
8083/tcp
?/tcp
143/tcp (993/tcp)
8080/tcp
8083/tcp
>=R3.x
>=R3.x
>=R3.x
YES
?
YES
YES
YES (HTTPS)
?
YES if IMAP4s
YES
?
YES (HTTPS)
?
Only if LARGE or
Websoftphone
Not for Websoftphone
Only if integrated voice mail
Not for Websoftphone
Only if integrated voice mail or
external IMAP server
Only if LARGE
32/38
Purpose
Voice Application
Source port
Server
Responder
Service Port
Sheet:OTUC
Plane
Protocol
Client
Initiator
control
control
IMAP4
VMMC2/HTTP
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
46x5
46x5
143/tcp (993/tcp)
80/tcp
YES
YES
YES if IMAP4s
NO
control
SIP
CS
5060 (*)/udp
MS
5060 (*)/udp
NO
user
RTP/RTCP
MS
Dyn_MS/udp
NO
NO
user
RTP/RTCP
MS
Dyn_MS/udp
control
control
HTTP/VXML
HTTP/PPR
MS
Service Infra
Dyn_?/tcp
Dyn_?/tcp
OTUC
Authentication Confidentiality Integrity
version?
Notes
Dyn_Voice/udp
Dyn_Voice/udp
BP+2,3/udp
NO
NO
8080/tcp
8015/tcp
NO
NO
NO
NO
1099/tcp
27000
YES
389
YES
YES
YES
YES (HTTPS)
myAssistant
no specific flow
Notes
OTUC application
Licences access
control
control
Java RMI
FlexLM
another CS
Service Infra
Dyn_CS/tcp
Dyn_?
Directories
control
LDAP
Service Infra
Dyn_?
Service Infra
Licences
Server
Directory
SQL Database
control
Service Infra
Dyn_?
Database
API openness
control
Third party
Dyn_?/tcp
Service Infra
8080/tcp
(*)
SOAP/HTTP
33/38
Sheet:OTCC
Protocol
Client
Initiator
FTP
PC admin
Dyn_?
Afe
21/tcp
manage
ment
control
control
support
CMIS
?
Text
Dyn_CS
Dyn_Win
Dyn_?
Cmisd
Afe
Afe
2535/tcp
2538/tcp
2538/tcp
OXE
OXE
OXE
YES
YES
NO
Debug only
support
TELNET
Dyn_?
Afe
2538/tcp
OXE
NO
Debug only
control
support
?
Text
Dyn_Win
Dyn_?
Afe
CCS Server
2538/tcp
2543/tcp
OXE
OXE or
Windows
NO
NO
Debug only
control
Afe
CCS
PC support
(adm_acd)
PC support
(terminal)
CCS Server
PC support
(adm_acd servccs)
CCS
Dyn_Win
CCS Server
2543/tcp
YES
pilot_test
support
UA
Purpose
Source
port
Server
Responder
Service
Port
Port
Location
Condition of Authentication
activation
Notes
CCD
Stats transfer <==>
YES
rtest
2554/tcp
PC support
(pilot_test)
control
CSTA / C
Afe
support CSTA / ASN1 Pilot/Pilot2a
OXE or
Windows
OXE
?
?
CSTA server
CSTA Server
2555/tcp
2555/tcp
support
control
support
support
CSTA / C
HTML
TELNET
LIS
Pilot2
Browser
telnet
lis
?
?
?
?
CSTA Server
CSTA Server
CSTA Server
rlis
manage
ment
LIS
lisEA
rlisEA
lisEA
Manual
configuration
NO
Test only
OXE
OXE
NO
NO
Test only
2555/tcp
2555/tcp
2555/tcp
2560/tcp
OXE
OXE
OXE
OXE
NO
NO
NO
YES
2561/tcp
OXE
Manual
configuration
EAU
configuration
YES
Test only
Debug only
Test SOSM
34/38
Purpose
Protocol
Client
Initiator
control
Alb
Plane
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
Condition of Authentication
activation
Afe
2538/tcp
OXE
NO
Notes
control
Asm
Afe
2538/tcp
OXE
NO
support
Text
Alb/Asm
2546/tcp
control
ASM Manager
2546/tcp
Scripting <==>
control
Alb/Asm
ASM SE
2546/tcp
control
debugger
Alb/Asm
2546/tcp
OXE or
Windows
OXE or
Windows
OXE or
Windows
OXE or
Windows
NO
adm_acd salb
Alb/Asm
control
ODBC
Customer
Database
Asm
?/tcp
Scripting
support
Debug only
NO
YES
YES
YES
1969/tcp
Windows
OXE
Not used
WFP
Statistics importing <==>
Statistics exporting =>
Wfp
Afe
2538/tcp
NO
FTP
customer
host
WFP
?/tcp
?
?
Afe
CCA Server
2538/tcp
2544/tcp
OXE
Windows
NO
NO
?
?
?
?
Manager
CCA Server
OTS
CSTA Server
2544/tcp
2544/tcp
3595/tcp
2555/tcp
Windows
Windows
Windows
OXE
YES
YES
YES
YES
YES
control
support
control
control
control
control
?
Text
CCA Server
adm_acd spcag
?
CCA Server
?
CCA
ATAPI
CCA
CSTA / ASN1
OTS
Debug only
35/38
Purpose
Plane
Protocol
Client
Initiator
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
Condition of Authentication
activation
Notes
?
?
?
?
WEB Server
FTP Server
Synchro
Server
Config Server
Genesys
T-Server
CCA
CCOSE
Afe
control
control
control
HTTP
FTP
?
control
support
2555/tcp
OXE
NO
80/tcp
2121/tcp
2538/tcp
Windows
Windows
OXE
NO
YES
NO
CCOSE
2020/tcp
Windows
YES
CCOSE
1970/tcp
Windows
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
CSTA server
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
900/tcp
10000/tcp
11000/tcp
901/tcp
902/tcp
903/tcp
904/tcp
906/tcp
907/tcp
908/tcp
909/tcp
910/tcp
911/tcp
913/tcp
914/tcp
950/tcp
951/tcp
952/tcp
953/tcp
954/tcp
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Not used
control
control
control
control
control
control
control
control
control
control
control
control
control
control
control
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
ADM
EST
appli
ADS
ALARM
DBS
RPM
SMS
STS
VPRM
AMBX
EAS
SAS
SASDISP
ACRS
extra1
extra2
extra3
extra4
extra5
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
36/38
Purpose
Plane
Protocol
myserver
performTest
SIM_dataServer
support
support
support
?
?
?
SIM_DBS
SIM_VPRM
TBBS
TSA
support
support
?
?
?
Client
Initiator
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
Condition of Authentication
activation
Notes
?
?
?
ADM
ADM
ADM
850/tcp
851/tcp
852/tcp
Windows
Windows
Windows
YES
YES
YES
Test only
Test only
Test only
?
?
?
?
?
myserver
performTest
SIM_dataSer
ver
SIM_DBS
SIM_VPRM
TBBS
TSA
TSA
?
?
?
?
?
ADM
ADM
Windows
Windows
Windows
Windows
Windows
YES
YES
YES
YES
YES
Test only
Test only
ADM
ADM
853/tcp
854/tcp
855/tcp
111/tcp
708/tcp
? control
T-server
?/tcp
CS
0/tcp
N/A
? control
T-server
?/tcp
client
0/tcp
N/A
Genesys
37/38
Sheet:VoWLAN
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
Condition VoWLAN
of
version?
activation
Notes
control
DHCP
MIPT
68/udp
SVP
67/udp
Download configuration
files, binary, menu files
Spectralink voice protocol
control
TFTP
MIPT
Dyn_WLAN/udp
TFTP server
69/udp
control
SRP (119)
MIPT
N/A
SVP
N/A
control
H.323/H.225
GD
Dyn_H225_CLT/tcp
MIPT (NATed)
1720/tcp
control
Dyn_WLAN/tcp
GD
1720/tcp
H.245 to GD
control
Dyn_WLAN/tcp
GD
Dyn_H245_SRV/tcp
H.245 to MIPT
control
H.323/H.245
GD
Dyn_H245_CLT/tcp
MIPT (NATed)
41788/tcp
user
RTP/RTCP
19282/udp
RTP/RTCP
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp
19282/udp
MIPT (NATed)
user
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp
38/38
Sheet:VoWLAN
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
Dynamic IP configuration
control
DHCP
SVP
68/udp
DHCP server
67/udp
control
H.323/H.225
GD
1719/udp
SVP
1719/udp
support
TFTP
SVP
Dyn_WLAN/udp
TFTP server
69/udp
manage
ment
TELNET
PC support
Dyn_?/tcp
SVP
21/tcp
Maintenance download of
configuration files, binary
support
TFTP
OAW
Dyn_WLAN/udp
TFTP server
69/udp
Management console
access
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
TELNET
PC support
Dyn_?/tcp
OAW
21/tcp
SSH
PC support
Dyn_?/tcp
OAW
22/tcp
HTTP
PC admin
Dyn_?/tcp
OAW
80/tcp
HTTPS
PC admin
Dyn_?/tcp
OAW
443/tcp
SYSLOG
OAW
Dyn_WLAN/udp
syslog server
514/udp
SNMP
Supervision
console
OAW
Dyn_?/udp
OAW
161/udp
Dyn_WLAN/udp
Supervision
console
162/udp
Purpose
Condition VoWLAN
of
version?
activation
Notes
SVP management
Management console
access
OAW management
Web-based management
Journaling output
SNMP requests
SNMP traps
SNMP